Thoughts on address selection
Fred Baker <fred@cisco.com> Tue, 10 November 2009 01:42 UTC
Return-Path: <fred@cisco.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8BFC3A6A18 for <ipv6@core3.amsl.com>; Mon, 9 Nov 2009 17:42:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.088
X-Spam-Level:
X-Spam-Status: No, score=-106.088 tagged_above=-999 required=5 tests=[AWL=-0.089, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fZ2QGkfQNH+E for <ipv6@core3.amsl.com>; Mon, 9 Nov 2009 17:42:31 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id F1C933A68E0 for <ipv6@ietf.org>; Mon, 9 Nov 2009 17:42:30 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjkFAC5U+EpAaHte/2dsb2JhbACBTsQAl1eEPgSBaHg
X-IronPort-AV: E=Sophos;i="4.44,712,1249257600"; d="scan'208";a="103218754"
Received: from hkg-core-1.cisco.com ([64.104.123.94]) by sj-iport-5.cisco.com with ESMTP; 10 Nov 2009 01:42:56 +0000
Received: from host-24-88.meeting.ietf.org (tky-vpn-client-230-121.cisco.com [10.70.230.121]) by hkg-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id nAA1gt08013476; Tue, 10 Nov 2009 01:42:55 GMT
Message-Id: <F25A2D83-2504-4354-90BB-4CD2B0D3D743@cisco.com>
From: Fred Baker <fred@cisco.com>
To: draft-arifumi-6man-addr-select-conflict@tools.ietf.org, draft-ietf-6man-addr-select-considerations@tools.ietf.org, draft-ietf-6man-addr-select-sol@tools.ietf.org
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Thoughts on address selection
Date: Tue, 10 Nov 2009 10:42:54 +0900
X-Mailer: Apple Mail (2.936)
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 01:42:31 -0000
I'm following up on the discussion just had in 6man regarding address selection. I have this awful feeling that we are fighting off the alligators and forgetting to drain the swamp. Correct me if I am wrong. The objectives being the source address selection algorithm are to: 1) keep a datagram within as local a routing domain as possible 2) to facilitate the lowest possible RTT during an exchange 3) to work around issues caused by ingress filtering (BCP 38/84) In short, we recommend that the source, which knows its own addresses, compare them to the known addresses of a potential destination, and choose the address pair that have the largest number of contiguous prefix bits in common. This achieves (1), and in so doing potentially achieves (2), although there are ample cases in which that is not so. Overcoming those failure cases and (3) are the real issue the table in RFC 3484 addresses. Am I correct? It seems to me that at least in part, this is a matter of making very broad assumptions about routing that may not be valid. It seems to me that there are two things we can do reliably. I have mentioned these to you before, in the v6ops context; let me bring them up again. They come down to - if you want the host to make statements about the network, I think it needs to know more than it currently knows about the network, either by measurement or by explicit communication. I think the simplest solution to (2) is, frankly, to open connections at some rate (if I have N addresses and my peer has M, send a SYN-or- whatever on successive pairs in the cross-product every K milliseconds until I get a SYN-ACK on one of them, and then close all other sessions). The order of selection is determined according to the prefix length algorithm - the fastest responder is likely to be the most local domain, which is likely to be the one with a common prefix. In local scenarios, "open successive sessions" boils down to opening one session; in more remote scenarios, it will tend to select an address pair that (a) works and (b) has low RTT relative to the routing implied by other address pairs. The simplest solution to (3), if my machine is in an administrative domain facing an ISP, is to have my DMZ router perform the BCP 38 filter before the datagram reaches the ISP, and in the failure case reply with some form of ICMP message that says "routing took your datagram to an egress into the ISP with prefix <mumble>; select an address in prefix <mumble>". That will give the host the opportunity to select the correct address to traddle ingress filtering reliably. Is there another requirement I'm missing? I don't think a table in the host that attempts to outthink the network is reliable or wise. http://tools.ietf.org/html/draft-arifumi-6man-addr-select-conflict "Considerations of address selection policy conflicts", Arifumi Matsumoto, Tomohiro Fujisaki, Ruri Hiromi, 24-Oct-09, <draft-arifumi-6man-addr-select-conflict-01.txt> http://tools.ietf.org/html/draft-ietf-6man-addr-select-considerations "Considerations for IPv6 Address Selection Policy Changes", Tim Chown, 19-Oct-09, <draft-ietf-6man-addr-select-considerations-00.txt> http://tools.ietf.org/html/draft-ietf-6man-addr-select-sol "Solution approaches for address-selection problems", Arifumi Matsumoto, Tomohiro Fujisaki, Ruri Hiromi, Ken-ichi Kanayama, 1-Jul-09, <draft-ietf-6man-addr-select-sol-02.txt>
- Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Brian E Carpenter
- RE: Thoughts on address selection Tony Hain
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Pekka Savola
- RE: Thoughts on address selection Wes Beebee (wbeebee)
- RE: Thoughts on address selection Mohacsi Janos
- Re: Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Mohacsi Janos
- Re: Thoughts on address selection Brian Haberman
- Re: Thoughts on address selection Mohacsi Janos
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Mohacsi Janos
- Re: Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Scott Brim
- Re: Thoughts on address selection Stig Venaas
- Re: Thoughts on address selection Arifumi Matsumoto
- Re: Thoughts on address selection Markku Savela
- RE: Thoughts on address selection Narasimhan Venkataramaiah
- Re: Thoughts on address selection Scott Brim
- Re: Thoughts on address selection Brian E Carpenter
- Re: Thoughts on address selection Stig Venaas
- Re: Thoughts on address selection Fred Baker
- Re: Thoughts on address selection Fred Baker
- RE: Thoughts on address selection Christian Huitema
- Re: Thoughts on address selection Brian E Carpenter
- Re: Thoughts on address selection Stig Venaas
- Re: Thoughts on address selection Brian E Carpenter
- Re: Thoughts on address selection Stig Venaas
- Re: Thoughts on address selection Mohacsi Janos
- Re: Thoughts on address selection Arifumi Matsumoto
- RE: Thoughts on address selection Dan Wing
- RE: Thoughts on address selection Rémi Denis-Courmont
- Re: Thoughts on address selection Scott Brim
- RE: Thoughts on address selection Dan Wing
- Discussion summary and next-step Re: Thoughts on … Arifumi Matsumoto
- RE: Discussion summary and next-step Re: Thoughts… Dan Wing
- Re: Discussion summary and next-step Re: Thoughts… Fred Baker
- Re: Discussion summary and next-step Re: Thoughts… Arifumi Matsumoto
- Re: Discussion summary and next-step Re: Thoughts… Rémi Denis-Courmont
- Re: Discussion summary and next-step Re: Thoughts… Brian E Carpenter
- Re: Discussion summary and next-step Re: Thoughts… Arifumi Matsumoto
- RE: Discussion summary and next-step Re: Thoughts… Dan Wing
- RE: Discussion summary and next-step Re: Thoughts… Dan Wing
- Re: Discussion summary and next-step Re: Thoughts… Arifumi Matsumoto
- Re: Discussion summary and next-step Re: Thoughts… Arifumi Matsumoto